Denis.Russell@newcastle.ac.uk (05/29/90)
I don't know whether this is the right mailing list for this query. If not, then apologies, and please direct me to a more suitable list. The Kerberos system supplies one of the necessities for seamless distributed processing - authentication, and the concept of a single distributed-system-wide identity. One of the other concepts that I've always thought of as a natural extension of this is that of network accounting. That is, the allocation of resources to individuals or "accounts" and the proper accounting for the "spending" or possible transfer of these resources. Some might even correspond to real money, while others might be line-printer pages, say, or even entities or tokens generated by value-added services. All this needs to be done at the institutional level, above the level of individual machines. My understanding is that Project Athena does not have any such accounting concept - though I'm open to immediate correction on this. However, many Computing Centres are moving strongly towards cost recovery in various forms, and I believe that strong generalized network accounting services (quite independent of individual "hosts" or "machines") are inevitable. I'm just hoping that someone has devised such a creature so we don't have to make one ourselves. Denis Russell Denis Russell JANET: Denis.Russell@uk.ac.newcastle Computing Laboratory ARPA: Denis.Russell@newcastle.ac.uk The University Claremont Road Tel: (+44) 91 222 8243 Newcastle upon Tyne Fax: (+44) 91 222 8232 NE1 7RU Telex: 53 65 4 UNINEW G ENGLAND
davecb@yunexus.UUCP (David Collier-Brown) (05/30/90)
Denis.Russell@newcastle.ac.uk writes: >I don't know whether this is the right mailing list for this >query. If not, then apologies, and please direct me to a more >suitable list. I'm going to claim that comp.protocols.misc is a "right" place, and direct followups there... | One of the other | concepts that I've always thought of as a natural extension of | this is that of network accounting. That is, the allocation of | resources to individuals or "accounts" and the proper accounting | for the "spending" or possible transfer of these resources. I see this as a protocol layered on Kerberos, such that an accounting server gives out accounting tickets (:-)) which in turn contain/accompany kerberos tickets. At the programmatic level, this can be quite easy: for services with a fixed cost per use it only requires linking with a library which overloads the kerberos authentication calls with calls to the accounting service, which in turn depends on kerberos for authentication of the request/response. For services with a variable cost (ie, printers), it requires explicit attention, with calls to both accounting and authentication services. At the protocol level, it looks fairly hard! It does require a distributed database (unless accounting outages are to lock up all the services!) and some carefull study to get it right. | I'm just hoping that someone has devised such a creature so we | don't have to make one ourselves. Well, someone is sure to point out that Athena has been working on a printing service with accounting (Palladium), but when I was there earlier this year they had just put installing it off again until at least the 6.5 release. I suspect (ie, hope) we'll hear a bit about Palladium in this discussion. --dave -- David Collier-Brown, | davecb@Nexus.YorkU.CA, ...!yunexus!davecb or 72 Abitibi Ave., | {toronto area...}lethe!dave Willowdale, Ontario, | "And the next 8 man-months came up like CANADA. 416-223-8968 | thunder across the bay" --david kipling